Effective Date: February 24, 2026

Last Updated: February 24, 2026

1. Introduction

Hisapay ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our mobile application and services (collectively, the "Services"). By using Hisapay, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information to provide and improve our Services:

2.1 Personal Information

Full name, date of birth, and gender. National ID, passport, or other government-issued identification. Phone number and email address. Residential address and nationality. Photographs and identity verification documents (for KYC compliance).

2.2 Financial Information

Wallet balances and transaction history. Payment methods and linked accounts. Gold wallet holdings and investment data. Virtual card details and usage.

2.3 Technical & Usage Data

Device information (type, model, operating system). IP address and approximate location (city/country level). App usage patterns, preferences, and settings. Log data, crash reports, and performance metrics. Cookies and similar tracking technologies.

2.4 Biometric Information

Face ID, Touch ID, or fingerprint data (stored locally on your device only). Used solely for secure authentication. Not transmitted to our servers or shared with third parties.

2.5 Communication Data

Customer support interactions and feedback. Device tokens for push notifications. Marketing preferences and communication history.

3. How We Use Your Information

We use your information for the following purposes: Account Management (Create, verify, and manage your account). Transaction Processing (Execute payments, transfers, and exchanges). Security & Fraud Prevention (Detect and prevent unauthorized access and fraudulent activities). Compliance (Meet KYC, AML, and regulatory requirements). Service Improvement (Analyze usage patterns to enhance features and user experience). Customer Support (Respond to inquiries and resolve issues). Notifications (Send transaction alerts, security updates, and important account information). Analytics (Understand user behavior and app performance through analytics services). Marketing (Provide promotional offers and updates with your consent).

4. Legal & Regulatory Compliance

As a regulated financial services provider, we process your information to comply with: Know Your Customer (KYC) regulations. Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws. Financial transaction monitoring and reporting requirements. Court orders, legal processes, and law enforcement requests. Tax reporting obligations where applicable.

5. How We Share Your Information

We do not sell or rent your personal information to third parties. We may share your data only with: Financial Institutions (Banks, payment processors, and card networks for transaction processing). Verification Partners (Identity verification and KYC service providers). Technology Providers (Cloud hosting, analytics, and infrastructure services including Firebase, Google Cloud). Regulatory Authorities (Government agencies and law enforcement when legally required). Business Partners (Agent network operators and merchant service providers). Professional Advisors (Legal, accounting, and consulting firms under confidentiality agreements). All third parties are contractually required to protect your information and use it only for specified purposes.

6. Third-Party Services

We use third-party services that may collect and process your data: Firebase (Google) for analytics, crash reporting, cloud messaging, and authentication. Payment Gateways for transaction processing and payment facilitation. Cloud Services for data storage and hosting infrastructure. These services operate under their own privacy policies. We recommend reviewing Google Privacy Policy at https://policies.google.com/privacy

7. Data Security

We implement industry-standard security measures to protect your information: End-to-end encryption for sensitive data transmission. Secure server infrastructure with access controls. Regular security audits and vulnerability assessments. Fraud detection and monitoring systems. Multi-factor authentication options. However, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your login credentials.

8. Data Retention

We retain your information for as long as: Your account remains active. Required by financial regulations (typically 5-7 years after account closure). Necessary for fraud prevention, dispute resolution, or legal compliance. You have not requested deletion (subject to legal retention requirements).

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights: Access (Request a copy of your personal information). Correction (Update or correct inaccurate data). Deletion (Request account and data deletion subject to regulatory limitations). Portability (Receive your data in a structured, machine-readable format). Withdraw Consent (Opt-out of marketing communications or optional data collection). Object (Object to certain data processing activities). Restriction (Request limitation of data processing in specific circumstances). To exercise your rights, contact us at support@hisapay.com. Account Deletion: Upon request, we will delete your personal data within 30 days, except where retention is legally required. Transaction records may be anonymized rather than deleted for compliance purposes.

10. Location Data

We collect approximate location information (city/country level) through analytics services for: Fraud detection and transaction verification. Service improvement and user experience analysis. Regulatory compliance and security purposes. Finding nearby agent locations (future feature). We do not track precise GPS coordinates or monitor your location continuously. Location data is collected passively and not shared with third parties for marketing purposes.

11. Children's Privacy

Hisapay is intended for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we discover that a minor has provided information, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at support@hisapay.com.

12. International Data Transfers

Your information may be transferred to, stored, and processed in countries outside Sudan, including servers operated by our cloud service providers (such as Google Cloud, Firebase). We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

13. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to: Remember your preferences and settings. Analyze app performance and user behavior. Enhance security and prevent fraud. Deliver relevant content and notifications. You may disable cookies through your browser or device settings, though this may affect certain app features.

14. Push Notifications

We send push notifications for: Transaction confirmations and alerts. Security notifications and account updates. Promotional offers (with your consent). You can manage notification preferences in your device settings or within the app.

15. Data Breach Notification

In the unlikely event of a security breach affecting your personal information, we will notify you within 72 hours via email, SMS, or in-app notification, as required by law. We will also inform relevant regulatory authorities where necessary.

16. Third-Party Links

Our Services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these external parties. We encourage you to review their privacy policies before providing any information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of significant changes through in-app notifications, email announcements, and updated "Last Updated" date at the top of this policy. Continued use of Hisapay after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: Email: support@hisapay.com, Website: www.hisapay.com

19. Governing Law

This Privacy Policy is governed by the laws of Sudan. Any disputes arising from this policy will be resolved in accordance with Sudanese jurisdiction.

By using Hisapay, you acknowledge that you have read, understood, and agree to this Privacy Policy.